BIND DNS server does not return an answer for dig +trace but it does when DNSSEC validation is disabled.
Issue
- BIND DNS server does not return an answer for the dig +trace command.

      # rndc validation check
      DNSSEC validation is enabled (view _default)
      # dig @<DNS server> +trace example.com

      ; <<>> DiG 9.16.23-RH <<>> @<DNS server> +trace example.com
      ; (1 server found)
      ;; global options: +cmd
      ;; Received xx bytes from <DNS server>#53(<DNS server>) in yyy ms    ===> no answers returned
- But the same command returns an answer when DNSSEC validation is disabled in BIND.

      # rndc validation off
      # rndc validation check
      DNSSEC validation is disabled (view _default)
      # dig @<DNS server> +trace example.com

      ; <<>> DiG 9.16.23-RH <<>> @<DNS server> +trace example.com
      ; (1 server found)
      ;; global options: +cmd
      .               86400   IN  NS  k.root-servers.net.
      .               86400   IN  NS  d.root-servers.net.
      .               86400   IN  NS  c.root-servers.net.
      ...
      example.com.    300     IN  A   xxx.xxx.xxx.xxx
      example.com.    300     IN  A   xxx.xxx.xxx.yyy

Environment
- Red Hat Enterprise Linux 9
- bind 9.16